CVE-2022-0579
Published 2022-02-14
CVE-2022-0579: Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
Priority P434 · medium · 6.5 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.02% (59.0th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| snipe | snipe-it | >= 0 < 5.3.9 | 5.3.9 |
| snipe | snipe_snipe-it | >= unspecified < 5.3.9 | 5.3.9 |
| snipeitapp | snipe-it | < 5.3.9 | 5.3.9 |
CVSS provenance
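| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vendor_redhat | | 7.8 | HIGH | |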
GHSA
Improper Privilege Management in Snipe-IT
ghsa·2022-02-15
CVE-2022-0579 [MEDIUM] CWE-269 Improper Privilege Management in Snipe-IT
Snipe-IT prior to 5.3.9 is vulnerable to improper privilege management. A user who does not have access to the supplier module may view supplier content.
OSV
Improper Privilege Management in Snipe-IT
osv·2022-02-15
CVE-2022-0579 [MEDIUM] Improper Privilege Management in Snipe-IT
Snipe-IT prior to 5.3.9 is vulnerable to improper privilege management. A user who does not have access to the supplier module may view supplier content.
Red Hat
vim: use-after-free in process_next_cpt_value() at insexpand.c
vendor_redhat·2022-09-25·CVSS 7.8
CVE-2022-3297 [HIGH] CWE-416 vim: use-after-free in process_next_cpt_value() at insexpand.c
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.
Statement: Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone ju
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-02-14